[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fXbIWBZ4EZ-aSX4PwrcBSvDEfCl1ZzlUz6zQgcqzuka8":3,"$f4As86-PbcfOyMGSc17G_oplXR74mRofYQTkOj5F0pVI":481,"$f1NlMAPvOIGPOvICZHqX24fvkM3uphRBHGoe5CAQVy9Y":485},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":21,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"discovery_status":26,"vulnerabilities":27,"developer":28,"crawl_stats":24,"alternatives":37,"analysis":135,"fingerprints":449},"challenge","Challenge – Manage and Display Online Challenges","1.0.0","bPlugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fbplugins\u002F","\u003Cp>Online \u003Cstrong>Challenge\u003C\u002Fstrong> management plugin for WordPress. Challenge plugin allows users to easily join and participate in various challenges. Users can access detailed information about the challenges, track their progress, and view results upon completion. With a user-friendly interface, this plugin provides an engaging experience, motivating users to achieve their goals.\u003C\u002Fp>\n\u003Ch4>How to use\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Install the Challenge  plugin.\u003C\u002Fli>\n\u003Cli>Use the provided shortcode wherever you need.\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Let users start their journey with new challenges!\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>For installation help, click on the Installation tab.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Feedback\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Do you enjoy this plugin? Have suggestions or feature requests? \u003Ca href=\"mailto:support@indione.com\" title=\"Send feedback\" rel=\"nofollow ugc\">Share your feedback with us\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>⭐ Explore more from our plugin collection\u003C\u002Fh4>\n\u003Cp>🔥 \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fbblockswp.com\u002F\" rel=\"nofollow ugc\">b Blocks\u003C\u002Fa>\u003C\u002Fstrong> – Best Gutenberg block collections for WordPress.\u003C\u002Fp>\n\u003Ch4>⭐ Check out our other WordPress Plugins-\u003C\u002Fh4>\n\u003Cp>🔥 \u003Cstrong>\u003Ca href=\"https:\u002F\u002Faudioplayerwp.com\u002F\" rel=\"nofollow ugc\">Html5 Audio Player\u003C\u002Fa>\u003C\u002Fstrong> – Best audio player plugin for WordPress.\u003Cbr \u002F>\n🔥 \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwpvideoplayer.com\u002F\" rel=\"nofollow ugc\">Html5 Video Player\u003C\u002Fa>\u003C\u002Fstrong> – Best video player plugin for WordPress.\u003Cbr \u002F>\n🔥 \u003Cstrong>\u003Ca href=\"http:\u002F\u002Fpdfposter.com\u002F\" rel=\"nofollow ugc\">PDF Poster\u003C\u002Fa>\u003C\u002Fstrong> – A fully-featured PDF Viewer Plugin for WordPress.\u003Cbr \u002F>\n🔥 \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fstreamcast\" rel=\"ugc\">StreamCast\u003C\u002Fa>\u003C\u002Fstrong> – A fully-featured Radio Player Plugin for WordPress.\u003Cbr \u002F>\n🔥 \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbutton-block\u002F\" rel=\"ugc\">Button Block\u003C\u002Fa>\u003C\u002Fstrong> – Get fully customizable & multi-functional buttons.\u003Cbr \u002F>\n🔥 \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fliteweight-podcast\u002F\" rel=\"ugc\">Liteweight Podcast\u003C\u002Fa>\u003C\u002Fstrong> – Podcast publishing plugin for WP.\u003Cbr \u002F>\n🔥 \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feasy-twitter-feeds\" rel=\"ugc\">Easy Twitter Feed\u003C\u002Fa>\u003C\u002Fstrong> – Twitter feeds plugin for WP.\u003Cbr \u002F>\n🔥 \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fresponsive-client-logo-carousel-slider\u002F\" rel=\"ugc\">Logo Carousel\u003C\u002Fa>\u003C\u002Fstrong> – Clients logo carousel for WP.\u003C\u002Fp>\n","Online Challenge management plugin for WordPress. This plugin offers an easy interface for users to join challenges, track their progress, and celebra &hellip;",40,750,0,"2026-03-30T14:32:00.000Z","6.9.4","5.0","7.1",[4,19,20],"challenge-management","community-challenge","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchallenge.1.0.0.zip",100,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":29,"display_name":30,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"bplugins","colorlibplugins",121,740460,98,130,78,"2026-05-19T19:13:55.844Z",[38,62,83,101,117],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":21,"tags":53,"homepage":58,"download_link":59,"security_score":60,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":61},"login-dongle","Login Dongle","1.5.2","Andrea Ercolino","https:\u002F\u002Fprofiles.wordpress.org\u002Faercolino\u002F","\u003Cp>Login Dongle protects your login by means of a \u003Ca href=\"http:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FSecurity_question\" rel=\"nofollow ugc\">security question\u003C\u002Fa>\u003Cbr \u002F>\n(AKA challenge\u002Fresponse) as an extra security layer. A bookmark is your login dongle.\u003C\u002Fp>\n\u003Ch4>How it works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to your standard login page, fill in the form as usual, and click the bookmark.\u003C\u002Fli>\n\u003Cli>A prompt asks the challenge. Fill in the response, and accept.\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=9zejJewYVi4\u003C\u002Fp>\n\u003Ch4>Why it works\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Under the hood, the bookmark submits login data, together with the challenge and response.\u003C\u002Fli>\n\u003Cli>If both challenge and response validate on the server, the login process goes on as usual, otherwise it dies.\u003C\u002Fli>\n\u003Cli>The login page stays exactly the same as usual, so attackers won’t know how to guess challenge and response.\u003C\u002Fli>\n\u003Cli>Only you know the response to the challenge, so nobody but you will be able to use the bookmarlet.\u003C\u002Fli>\n\u003Cli>People using your PC won’t be able to login even if your browser fills in the login form with your password.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Login Dongle is compatible with any other login plugin.\u003C\u002Fp>\n\u003Cp>For more info, please refer to the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Flogin-dongle\u002Ffaq\u002F\" rel=\"ugc\">FAQ\u003C\u002Fa>\u003Cbr \u002F>\nand the user’s instructions you’ll find on the settings page after activating the plugin.\u003C\u002Fp>\n\u003Ch4>User Guides\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Dutch: http:\u002F\u002Fwww.wpsitemaken.nl\u002Flogin-dongle\u003C\u002Fli>\n\u003Cli>English: http:\u002F\u002Fwww.itechdestiny.com\u002Fwordpress-security-with-login-dongle-plugin\u002F\u003C\u002Fli>\n\u003Cli>English: http:\u002F\u002Fwww.shoutmeloud.com\u002Fsecure-wordpress-login.html\u003C\u002Fli>\n\u003Cli>French: http:\u002F\u002Fneosting.net\u002Fcomment-securiser-acces-login-wordpress-2-etapes\u003C\u002Fli>\n\u003Cli>German: https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fexcellent-plugin-110\u003C\u002Fli>\n\u003Cli>Japanese: http:\u002F\u002Fwp.8jimeyo.info\u002Fplugin\u002Flogin-dongle\u002F\u003C\u002Fli>\n\u003Cli>Turkish: http:\u002F\u002Fhakanertr.wordpress.com\u002F2012\u002F07\u002F24\u002Flogin-dongle\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Quick Reviews\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>http:\u002F\u002Fforum.ait-pro.com\u002Fforums\u002Ftopic\u002Fcompatibility-question-for-custom-login\u002F\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fwebscripts.softpedia.com\u002Fscript\u002FModules\u002FWordPress-Plugins\u002FLogin-Dongle-80067.html\u003C\u002Fli>\n\u003Cli>https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fplugin-login-dongle-clever-plugin\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fwww.evohosting.co.uk\u002Fblog\u002Fweb-development\u002Fwordpress-web-development\u002F6-of-the-best-wordpress-security-plugins\u002F\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fwww.labnol.org\u002Finternet\u002Fimprove-wordpress-security\u002F24639\u002F\u003C\u002Fli>\n\u003Cli>https:\u002F\u002Fwww.linkedin.com\u002Fgroups\u002FSecurity-suggestions-1482937.S.199139568#commentID_110730071\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fwww.practicalwp.com\u002Flogin-dongle-login-bookmarklet-for-wordpress\u002F\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fwww.wtfdiary.com\u002F2012\u002F08\u002F8-ways-to-secure-your-wordpress-blog.html\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Available translations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English (Andrea Ercolino)\u003C\u002Fli>\n\u003Cli>Serbian (Borisa Djuraskovic)\u003C\u002Fli>\n\u003Cli>Spanish (Andrea Ercolino)\u003C\u002Fli>\n\u003Cli>Turkish (Hakan Er)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>NOTE: Here ‘bookmark’ and ‘bookmarklet’ are used interchangeably.\u003C\u002Fp>\n\u003Ch3>Uninstall Instructions\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Click the \u003Cem>Delete\u003C\u002Fem> button in the \u003Cem>Plugins\u002FInstalled Plugins\u003C\u002Fem> list.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>If you manually removed the \u003Cem>login-dongle\u003C\u002Fem> plugin directory, or if your version was prior to 1.4.0,\u003Cbr \u002F>\nsome garbage is left into your database. It’s harmless, but if you still want to clean it up, access\u003Cbr \u002F>\nthe \u003Cem>options\u003C\u002Fem> table and remove all the rows whose \u003Cem>option_name\u003C\u002Fem> column start with \u003Cem>login_dongle\u003C\u002Fem>.\u003C\u002Fp>\n\u003Cp>If your version was prior to 1.1.0, edit the \u003Cem>wp-login.php\u003C\u002Fem> file in the root\u003Cbr \u002F>\ndirectory of your blog and remove the line that begins with \u003Ccode>do_action('login-start');\u003C\u002Fcode>\u003C\u002Fp>\n\u003Ch3>Banner\u003C\u002Fh3>\n\u003Cp>From \u003Ca href=\"http:\u002F\u002Fwww.flickr.com\u002Fphotos\u002Ffotologic\u002F4891100379\" rel=\"nofollow ugc\">Rusty door\u003C\u002Fa>, taken by\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fwww.flickr.com\u002Fphotos\u002Ffotologic\u002F\" rel=\"nofollow ugc\">fotologic\u003C\u002Fa> on August 14, 2010 in Penbryn, Wales, GB.\u003C\u002Fp>\n","The bookmark to login nobody but you. Simple and secure.",50,25758,90,2,"2014-10-01T21:03:00.000Z","4.0.38","1.0",[54,4,55,56,57],"answer","ddos","response","security-question","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Flogin-dongle\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-dongle.1.5.2.zip",85,"2026-04-06T09:54:40.288Z",{"slug":63,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":70,"downloaded":71,"rating":23,"num_ratings":72,"last_updated":73,"tested_up_to":74,"requires_at_least":75,"requires_php":21,"tags":76,"homepage":81,"download_link":82,"security_score":60,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"envelope-challenge","Envelope Challenge","0.1.0","Peter Odryna","https:\u002F\u002Fprofiles.wordpress.org\u002Fpodryna\u002F","\u003Cp>A comprehensive fundraising plugin that allows you to create your own Envelope Challenge fundraiser using proven techniques.\u003C\u002Fp>\n\u003Ch3>The Envelope Challenge Virtual Fundraising Plugin\u003C\u002Fh3>\n\u003Cp>Envelope Challenge fundraisers have been successfully used by non-profit organizations to raise money to further their goals. In the traditionsl physical version, envelopes are pre-printed with a unique cash value shown on the front. Usually each value is unique. For example, 100 envelopes could be printed with $1 to $100 incrementally on the front. If all envelopes are used, which is often the case, $5050 is raised in the fundraising event. In some cases, prizes are placed in the envelope including discounts for dining or other vendor contributed offerings.\u003C\u002Fp>\n\u003Cp>The Envelope Challenge plugin provides a powerful \u003Cem>virtual\u003C\u002Fem> envelope challenge fundraising system which can be seamlessly integrated into your WordPress website.\u003C\u002Fp>\n\u003Cp>IMPORTANT NOTE: This plugin is a placeholder with limited functionality to test the release and installation process. We are preparing for extensive beta testing and are seeking those with existing WordPress installations that would be suitable for testing prior to production release. Because WordPress installations vary so greatly in thier installation and oprational structure, and because we are seeking to provide excellent quality code when released to production, we wish to obtain as many beta test sites as available. Once you install this plugin, instructions are available in the control panel.\u003C\u002Fp>\n\u003Cp>NO DATA IS CAPTURED OR SENT TO OUTSIDE SERVERS WHILE USING THIS PLUGIN DURING BETA TESTING.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cp>The plugin key features include:\u003Cbr \u002F>\n* Ability to create a fully custom envelope display page using shortcodes\u003Cbr \u002F>\n* Ability to create 1, 2, 3, or even 4 categories of donation envelopes\u003Cbr \u002F>\n* Fully autoated tracking of available envelopes, marking those sold immediately as purchased\u003Cbr \u002F>\n* Full integration with standard WooCommerce plugin for cart management, purchasing, payment collection, and reporting\u003Cbr \u002F>\n* (Optionally) Integration with the Mailchimp for WooCommerce plugin for email campaign management with donors\u003C\u002Fp>\n\u003Cp>Learn more at https:\u002F\u002Fwww.envelopefundraiser.com\u003C\u002Fp>\n\u003Ch3>Installation Instructions\u003C\u002Fh3>\n\u003Cp>To install, you will first need some other plugins to be installed. These are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WooCommerce version 5.0.0 or later – This is used to manage the shopping cart. LINK: https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\u003C\u002Fli>\n\u003Cli>WooCommerce Cart Stock Reducer version 3.30 or later – Used to manage inventory with cart time-out. LINK: https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce-cart-stock-reducer\u002F\u003C\u002Fli>\n\u003Cli>WooCommerce Payments version 2.0.0 or later – Provides a payment path to Stripe and other providers. LINK: https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce-payments\u002F\u003C\u002Fli>\n\u003Cli>WooCommerce Shipping & Tax version 1.25.9 or later – Calculates taxation, if any. LINK: https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce-services\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>NOTE: No data is being sent to the WooCommerce plugin provider. Payments processed are sent to the payment provider, such as Stripe, for payment processing. Please review the WooCommerce plugin documentation for details on this process.\u003C\u002Fp>\n\u003Cp>In addition these are optional plugins that are highly recommended:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Mailchimp for WooCommerce version 2.5.1 or later – Provides broad email communication tools to reach customers. As an alternative, Constant Contact with its integrated WooCommerce connection can be used but must be manually configured. Please review the Mailchimp data retention and data transmission documentation on details on when data is sent to third parties.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Then upload our Envelope Challenge plugin into your WordPress installation and activate. Once activated, click on the Envelope Challenge control panel on the left side of the WordPress admin panel and follow the configuration instructions.\u003C\u002Fp>\n\u003Cp>Once configured, create a customer fundraising page for your WordPress website and include the shortcodes provided.\u003C\u002Fp>\n\u003Cp>During operation of the Envelope Challenge fundraising plugin, no data is being transmitted except as outlines above.\u003C\u002Fp>\n","A comprehensive fundraising plugin that allows you to create your own Envelope Challenge fundraiser using proven techniques.",10,859,1,"2021-03-21T00:04:00.000Z","5.7.15","5.7",[63,77,78,79,80],"envelope-fundraiser","envelope-fundraising","envelopefundraiser","fundraising","https:\u002F\u002Fwww.envelopefundraiser.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fenvelope-challenge.zip",{"slug":84,"name":85,"version":6,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":13,"downloaded":90,"rating":13,"num_ratings":13,"last_updated":91,"tested_up_to":92,"requires_at_least":21,"requires_php":21,"tags":93,"homepage":99,"download_link":100,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"bot-lockout","Bot Lockout","kognetiks","https:\u002F\u002Fprofiles.wordpress.org\u002Fkognetiks\u002F","\u003Cp>Bot Lockout is a security plugin that implements a lightweight cryptographic challenge system to distinguish between real browsers and automated bots. Unlike traditional CAPTCHA systems, it uses JavaScript-based cryptographic operations that are easy for humans but difficult for most bots to solve.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Lightweight Protection\u003C\u002Fstrong>: Uses minimal resources and doesn’t impact site performance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cryptographic Challenges\u003C\u002Fstrong>: SHA-256 hashing with date and user agent binding\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart Whitelisting\u003C\u002Fstrong>: Allow trusted bots (Google, Bing, etc.) and IP addresses\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible Configuration\u003C\u002Fstrong>: Exclude specific pages and customize block messages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Comprehensive Logging\u003C\u002Fstrong>: Track blocked attempts for analysis\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Styling\u003C\u002Fstrong>: Add custom CSS to match your site’s design\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Daily Token Expiration\u003C\u002Fstrong>: Prevents long-term bypass attempts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>\u003Cstrong>Initial Request\u003C\u002Fstrong>: When a visitor accesses your site, the plugin checks for a valid challenge token\u003C\u002Fli>\n\u003Cli>\u003Cstrong>JavaScript Challenge\u003C\u002Fstrong>: If no token exists, a cryptographic challenge is presented\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Token Generation\u003C\u002Fstrong>: The challenge combines the current date with the user agent string and creates a SHA-256 hash\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure Storage\u003C\u002Fstrong>: The hash is base64 encoded, truncated, and stored as a secure cookie\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Validation\u003C\u002Fstrong>: Subsequent requests are validated against the stored token\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Security Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Cryptographically Secure\u003C\u002Fstrong>: Uses SHA-256 hashing algorithm\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Time-Bound\u003C\u002Fstrong>: Tokens expire daily to prevent long-term bypass\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Browser-Specific\u003C\u002Fstrong>: User agent binding prevents token sharing\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure Cookies\u003C\u002Fstrong>: Implements proper cookie security settings\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Whitelist Support\u003C\u002Fstrong>: Allow trusted services and IP addresses\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Multi-Site Support\u003C\u002Fh4>\n\u003Cp>Bot Lockout supports WordPress Multi-Site installations with both network-wide and site-specific configurations:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Network Activation\u003C\u002Fstrong>: Apply settings to all sites in the network\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Site-Specific Activation\u003C\u002Fstrong>: Independent settings for each site\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Mixed Configuration\u003C\u002Fstrong>: Network-wide defaults with site-specific overrides\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Security Advisory\u003C\u002Fh3>\n\u003Cp>Bot Lockout is one layer in a broader security strategy, not a silver bullet.\u003C\u002Fp>\n\u003Cp>While Bot Lockout is designed to deter automated bots and AI scrapers through cryptographic JavaScript challenges, no single solution can offer complete protection. Web scraping technologies continue to evolve, and determined actors may find ways to bypass front-end defenses.\u003C\u002Fp>\n\u003Cp>This plugin should be used as part of a multi-layered approach to website security. For best results, we recommend combining Bot Lockout with additional tools such as server-level firewalls, rate limiting, CAPTCHA systems, behavior-based threat detection, and CDN-level bot mitigation.\u003C\u002Fp>\n\u003Cp>Kognetiks makes no guarantee that this plugin will block all unwanted bot traffic. It is intended as a proactive, lightweight defense mechanism—not a comprehensive security system. Users are responsible for evaluating their own threat model and deploying appropriate complementary protections.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, please visit the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fbot-lockout\u002F\" rel=\"ugc\">WordPress.org support forums\u003C\u002Fa> or check the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbot-lockout\u002F\" rel=\"ugc\">plugin documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Developer\u003C\u002Fstrong>: Kognetiks\u003C\u002Fp>\n\u003Cp>This plugin is licensed under the GPL v3 or later.\u003C\u002Fp>\n","A lightweight WordPress plugin that protects your site from AI scrapers and bad bots using cryptographic JavaScript challenges.",313,"2025-07-29T13:21:00.000Z","6.8.5",[94,95,96,97,98],"anti-scraping","bot-protection","captcha","javascript-challenge","security","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbot-lockout\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbot-lockout.1.0.0.zip",{"slug":102,"name":103,"version":6,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":13,"downloaded":108,"rating":13,"num_ratings":13,"last_updated":109,"tested_up_to":110,"requires_at_least":111,"requires_php":21,"tags":112,"homepage":115,"download_link":116,"security_score":60,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"mb-challenge-response-authentication","MB Challenge response authentication","Yeora","https:\u002F\u002Fprofiles.wordpress.org\u002Fmabipress\u002F","\u003Cp>The “MB Challenge response authentication” plugin extends the\u003Cbr \u002F>\ndefault WordPress authentication with a challenge response authentication.\u003Cbr \u002F>\nThis ensures that passwords during login are no longer stored in the\u003Cbr \u002F>\nclear text during the login process.\u003C\u002Fp>\n\u003Cp>Via a menu item in the administration you can also set whether the challenge response authentication should be enforced or not. If challenge response authentication is not enforced\u003Cbr \u002F>\nthe default WordPress authentication is allowed as fallback.\u003Cbr \u002F>\nThis is the case if a user cannot hash on the client side.\u003C\u002Fp>\n\u003Cp>Furthermore, the default WordPress hasher is overridden and PHP native functions like password_hash and password_verify are used.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Special thanks to the developers of the\u003Cbr \u002F>\nbcrypt.js library https:\u002F\u002Fgithub.com\u002FdcodeIO\u002Fbcrypt.js.\u003Cbr \u002F>\nThe library is used for client-side hashing.\u003C\u002Fp>\n","This plugin implements challenge response authentication. In addition, the WordPress hasher is replaced by native PHP libraries.",872,"2022-01-23T13:39:00.000Z","5.9.0","5.7.0",[113,114,98],"challenge-response","hash","http:\u002F\u002Fmb-challenge-response-authentication","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmb-challenge-response-authentication.1.0.0.zip",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":13,"downloaded":125,"rating":13,"num_ratings":13,"last_updated":126,"tested_up_to":127,"requires_at_least":128,"requires_php":129,"tags":130,"homepage":133,"download_link":134,"security_score":60,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"point-tracker","Point Tracker","1.6","Ryan","https:\u002F\u002Fprofiles.wordpress.org\u002Fgodsgood33\u002F","\u003Cp>This plugin does not require but works well with membership plugins.  The admin can create a challenge, share the challenge link with whom they wish.  Those wishing to participate can click on the link and opt to join the challenge. Once the participant has joined the challenge, they can enter activity against that challenge upto daily and receive points.\u003C\u002Fp>\n","This plugin will allow site admins to create challenges and then participants can enter their activity.",1593,"2018-12-31T18:48:00.000Z","5.0.25","4.4.2","5.6",[4,131,132],"content","team-activities","https:\u002F\u002Fgithub.com\u002Fgodsgood33\u002Fpoint-tracker","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpoint-tracker.1.6.zip",{"attackSurface":136,"codeSignals":323,"taintFlows":352,"riskAssessment":439,"analyzedAt":448},{"hooks":137,"ajaxHandlers":291,"restRoutes":310,"shortcodes":311,"cronEvents":319,"entryPointCount":168,"unprotectedCount":147},[138,144,148,153,157,161,165,169,172,176,180,184,188,192,196,200,204,208,212,216,220,224,228,232,236,239,243,247,251,255,258,262,265,269,273,276,278,281,283,285,286,288],{"type":139,"name":140,"callback":141,"file":142,"line":143},"filter","theme_page_templates","challenge_theme_page_templates_callback","src\\hooks.php",3,{"type":139,"name":145,"callback":146,"file":142,"line":147},"template_include","challenge_template_include_callback",4,{"type":149,"name":150,"callback":151,"file":142,"line":152},"action","wp","challenge_handle_custom_registration",5,{"type":149,"name":154,"callback":155,"file":142,"line":156},"template_redirect","challenge_handle_join_challenge",6,{"type":149,"name":158,"callback":159,"file":142,"line":160},"challenge\u002Farchive\u002Fcustom_field_data","challenge_archive_custom_field_data",7,{"type":149,"name":162,"callback":163,"file":142,"line":164},"challenge\u002Farchive\u002Fcustom_field_time_status","challenge_archive_custom_time_status",8,{"type":149,"name":166,"callback":167,"file":142,"line":168},"challenge\u002Fsingle\u002Fchallenge_single_page_countown","challenge_single_custom_countown_callback",9,{"type":149,"name":170,"callback":171,"file":142,"line":70},"challenge\u002Fsingle\u002Fchallenge_single_page_after_join_countdown","challenge_single_page_after_join_countdown",{"type":149,"name":173,"callback":174,"file":142,"line":175},"challenge\u002Fsingle\u002Fbreadcurmb_data_for_single_service","challenge_breadcurmb_data_for_single_service",11,{"type":149,"name":177,"callback":178,"file":142,"line":179},"challenge\u002Fsingle\u002Fchallenge_single_page_checkpoint_data_details","challenge_single_page_checkpoint_data_details",12,{"type":149,"name":181,"callback":182,"file":142,"line":183},"challenge\u002Fsingle\u002Fjoining_button_hook","challenge_joining_button_hook_callback",13,{"type":149,"name":185,"callback":186,"file":142,"line":187},"challenge\u002Fsingle\u002Fchallenge_single_page_get_certificate_download","challenge_single_page_get_certificate_download_callback",14,{"type":149,"name":189,"callback":190,"priority":70,"file":142,"line":191},"woocommerce_order_status_completed","challenge_check_product_checkout_status",23,{"type":149,"name":193,"callback":194,"file":142,"line":195},"save_post","challenge_schedule_email_on_post_save",24,{"type":149,"name":197,"callback":198,"priority":70,"file":142,"line":199},"send_checkpoint_start_email_callback","challenge_send_checkpoint_start_email_callback",25,{"type":139,"name":201,"callback":202,"priority":70,"file":142,"line":203},"use_block_editor_for_post_type","challenge_disable_gutenberg_for_custom_post_type",27,{"type":139,"name":205,"callback":206,"priority":70,"file":142,"line":207},"classic_editor_plugin_settings","challenge_force_classic_editor_for_custom_post_type",28,{"type":149,"name":209,"callback":210,"file":142,"line":211},"admin_menu","challenge_remove_custom_fields_meta_box",29,{"type":139,"name":213,"callback":214,"priority":70,"file":142,"line":215},"post_row_actions","challenge_custom_post_duplicate_link",30,{"type":149,"name":217,"callback":218,"file":142,"line":219},"admin_action_duplicate_post","challenge_custom_post_duplicate",31,{"type":149,"name":221,"callback":222,"file":142,"line":223},"init","challenge_disable_deprecated_warnings",32,{"type":149,"name":225,"callback":226,"file":142,"line":227},"admin_init","challenge_style_tab_color_settings_init",33,{"type":149,"name":229,"callback":230,"file":142,"line":231},"wp_enqueue_scripts","challenge_add_inline_styles",34,{"type":149,"name":233,"callback":234,"priority":70,"file":142,"line":235},"wp_login","challenge_redirect_user_after_login",36,{"type":149,"name":193,"callback":237,"priority":70,"file":142,"line":238},"challenge_set_default_featured_image_on_save",37,{"type":139,"name":240,"callback":241,"priority":70,"file":142,"line":242},"register_post_type_args","challenge_change_featured_image_label",38,{"type":149,"name":244,"callback":245,"file":142,"line":246},"admin_enqueue_scripts","challenge_highlight_custom_admin_menu",39,{"type":149,"name":248,"callback":249,"file":142,"line":250},"wp_head","challenge_wp_head_caallback",41,{"type":149,"name":244,"callback":252,"file":253,"line":254},"enqueue_styles","src\\Inc\\Admin\\Admin.php",15,{"type":149,"name":244,"callback":256,"file":253,"line":257},"enqueue_scripts",16,{"type":149,"name":259,"callback":260,"file":253,"line":261},"add_meta_boxes","challenge_add_meta_boxes",17,{"type":149,"name":193,"callback":263,"file":253,"line":264},"challenge_save_meta_box_data",18,{"type":139,"name":266,"callback":267,"file":253,"line":268},"manage_edit-challenge_columns","add_extra_column_for_challenge_post",20,{"type":149,"name":270,"callback":271,"priority":70,"file":253,"line":272},"manage_challenge_posts_custom_column","manage_challenge_post_columns",21,{"type":149,"name":209,"callback":274,"file":253,"line":275},"add_submenu_page_for_challenge",22,{"type":149,"name":225,"callback":277,"file":253,"line":191},"flush_my_challenge_url",{"type":149,"name":279,"callback":280,"file":253,"line":195},"save_post_challenge","save_post_challenge_flush_rewrites",{"type":149,"name":282,"callback":282,"file":253,"line":199},"admin_notices",{"type":149,"name":229,"callback":252,"file":284,"line":257},"src\\Inc\\Frontend\\Frontend.php",{"type":149,"name":229,"callback":256,"file":284,"line":261},{"type":139,"name":145,"callback":287,"file":284,"line":264},"load_challenge_templates",{"type":149,"name":221,"callback":289,"file":290,"line":160},"register_challenge_post_type","src\\Register_Menu.php",[292,296,298,302,303,307,309],{"action":293,"nopriv":294,"callback":295,"hasNonce":294,"hasCapCheck":294,"file":142,"line":261},"submit_checkpoint_popup_action",false,"challenge_submit_checkpoint_popup_action_callback",{"action":293,"nopriv":297,"callback":295,"hasNonce":294,"hasCapCheck":294,"file":142,"line":264},true,{"action":299,"nopriv":294,"callback":300,"hasNonce":294,"hasCapCheck":294,"file":142,"line":301},"finish_checkpoint_popup_action","challenge_finish_checkpoint_popup_action_callback",19,{"action":299,"nopriv":297,"callback":300,"hasNonce":294,"hasCapCheck":294,"file":142,"line":268},{"action":304,"nopriv":294,"callback":305,"hasNonce":297,"hasCapCheck":294,"file":253,"line":306},"remark_pass_fail_challenge","remark_pass_fail_challenge_callback",26,{"action":308,"nopriv":294,"callback":308,"hasNonce":297,"hasCapCheck":294,"file":253,"line":207},"handle_certificate_image_form_submission",{"action":308,"nopriv":297,"callback":308,"hasNonce":297,"hasCapCheck":294,"file":253,"line":211},[],[312,316],{"tag":313,"callback":314,"file":315,"line":160},"challenge_login_form","challenge_login_form_callback","src\\Shortcode.php",{"tag":317,"callback":318,"file":315,"line":164},"challenge_registration_form","challenge_registration_form_callback",[320],{"hook":198,"callback":198,"file":321,"line":322},"src\\functions.php",666,{"dangerousFunctions":324,"sqlUsage":325,"outputEscaping":327,"fileOperations":143,"externalRequests":13,"nonceChecks":164,"capabilityChecks":49,"bundledLibraries":351},[],{"prepared":13,"raw":13,"locations":326},[],{"escaped":328,"rawEcho":70,"locations":329},221,[330,333,335,337,339,341,343,345,347,349],{"file":321,"line":331,"context":332},377,"raw output",{"file":321,"line":334,"context":332},1060,{"file":321,"line":336,"context":332},1063,{"file":253,"line":338,"context":332},123,{"file":253,"line":340,"context":332},124,{"file":253,"line":342,"context":332},126,{"file":253,"line":344,"context":332},144,{"file":253,"line":346,"context":332},591,{"file":348,"line":254,"context":332},"templates\\template-challenge-login.php",{"file":350,"line":187,"context":332},"templates\\template-challenge-register.php",[],[353,379,392,406,417,430],{"entryPoint":354,"graph":355,"unsanitizedCount":72,"severity":378},"challenge_remarks_submenu_page_callback (src\\Inc\\Admin\\Admin.php:394)",{"nodes":356,"edges":375},[357,362,368,372],{"id":358,"type":359,"label":360,"file":253,"line":361},"n0","source","$_REQUEST",398,{"id":363,"type":364,"label":365,"file":253,"line":366,"wp_function":367},"n1","sink","echo() [XSS]",468,"echo",{"id":369,"type":359,"label":370,"file":253,"line":371},"n2","$_REQUEST (x7)",400,{"id":373,"type":364,"label":365,"file":253,"line":374,"wp_function":367},"n3",477,[376,377],{"from":358,"to":363,"sanitized":294},{"from":369,"to":373,"sanitized":297},"medium",{"entryPoint":380,"graph":381,"unsanitizedCount":72,"severity":378},"participants_submenu_page_callback (src\\Inc\\Admin\\Admin.php:549)",{"nodes":382,"edges":389},[383,385,386,387],{"id":358,"type":359,"label":360,"file":253,"line":384},553,{"id":363,"type":364,"label":365,"file":253,"line":346,"wp_function":367},{"id":369,"type":359,"label":360,"file":253,"line":384},{"id":373,"type":364,"label":365,"file":253,"line":388,"wp_function":367},594,[390,391],{"from":358,"to":363,"sanitized":294},{"from":369,"to":373,"sanitized":297},{"entryPoint":393,"graph":394,"unsanitizedCount":13,"severity":405},"challenge_handle_join_challenge (src\\functions.php:94)",{"nodes":395,"edges":403},[396,399],{"id":358,"type":359,"label":397,"file":321,"line":398},"$_POST",101,{"id":363,"type":364,"label":400,"file":321,"line":401,"wp_function":402},"wp_redirect() [Open Redirect]",138,"wp_redirect",[404],{"from":358,"to":363,"sanitized":297},"low",{"entryPoint":407,"graph":408,"unsanitizedCount":13,"severity":405},"challenge_submit_checkpoint_popup_action_callback (src\\functions.php:533)",{"nodes":409,"edges":415},[410,413],{"id":358,"type":359,"label":411,"file":321,"line":412},"$_POST (x3)",538,{"id":363,"type":364,"label":365,"file":321,"line":414,"wp_function":367},563,[416],{"from":358,"to":363,"sanitized":297},{"entryPoint":418,"graph":419,"unsanitizedCount":13,"severity":405},"\u003Cfunctions> (src\\functions.php:0)",{"nodes":420,"edges":427},[421,422,423,425],{"id":358,"type":359,"label":397,"file":321,"line":398},{"id":363,"type":364,"label":400,"file":321,"line":401,"wp_function":402},{"id":369,"type":359,"label":424,"file":321,"line":398},"$_POST (x13)",{"id":373,"type":364,"label":365,"file":321,"line":426,"wp_function":367},160,[428,429],{"from":358,"to":363,"sanitized":297},{"from":369,"to":373,"sanitized":297},{"entryPoint":431,"graph":432,"unsanitizedCount":13,"severity":405},"\u003CAdmin> (src\\Inc\\Admin\\Admin.php:0)",{"nodes":433,"edges":437},[434,436],{"id":358,"type":359,"label":435,"file":253,"line":361},"$_REQUEST (x10)",{"id":363,"type":364,"label":365,"file":253,"line":366,"wp_function":367},[438],{"from":358,"to":363,"sanitized":297},{"summary":440,"deductions":441},"The 'challenge' plugin v1.0.0 exhibits a mixed security posture. On the positive side, it demonstrates strong practices in its SQL query handling, utilizing prepared statements exclusively, and generally good output escaping (96% properly escaped). The absence of any known vulnerabilities (CVEs) or concerning taint flows is also a significant strength. However, a notable weakness lies in its attack surface, with 7 AJAX handlers, of which 4 lack authentication checks. This presents a significant risk of unauthorized actions being performed if these handlers can be triggered by unauthenticated users. The presence of file operations without further context is also a minor concern, as is the limited number of capability checks, suggesting potential for privilege escalation if specific functions are exposed.\n\nThe plugin's vulnerability history is currently clean, which is an excellent sign. This suggests either a well-written codebase or a relatively new plugin that hasn't been extensively targeted or scrutinized. The lack of recorded common vulnerability types further reinforces this positive observation. Despite the clean history, the identified unprotected AJAX handlers are a tangible and immediate risk that requires attention. The plugin has several good security practices in place, particularly around database interactions and output handling, but the unprotected entry points create a clear avenue for potential exploitation.",[442,444,446],{"reason":443,"points":70},"Unprotected AJAX handlers",{"reason":445,"points":152},"Limited capability checks",{"reason":447,"points":143},"File operations without context","2026-03-16T22:15:42.575Z",{"wat":450,"direct":458},{"assetPaths":451,"generatorPatterns":453,"scriptPaths":454,"versionParams":455},[452],"\u002Fwp-content\u002Fplugins\u002Fchallenge\u002Fassets\u002Fimages\u002Favatar.png",[],[],[456,457],"challenge\u002Fstyle.css?ver=","challenge\u002Ffrontend.js?ver=",{"cssClasses":459,"htmlComments":463,"htmlAttributes":464,"restEndpoints":476,"jsGlobals":477,"shortcodeOutput":478},[460,461,462],"avatar_img","participints_box","timeline_box",[],[465,466,467,468,469,470,471,472,473,474,475],"clg_submit_registration","clg_register_nonce","clg_username","clg_email","clg_password","join_challenge","challenge_id","clg_join_challenge_nonce","challenge_product_select","enrolled_users","cart_added_product",[],[],[479,480],"\u003Cb>","\u003C\u002Fb> participant",{"error":297,"url":482,"statusCode":483,"statusMessage":484,"message":484},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fchallenge\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":72,"versions":486},[487],{"version":6,"download_url":22,"svn_tag_url":488,"released_at":24,"has_diff":294,"diff_files_changed":489,"diff_lines":24,"trac_diff_url":24,"vulnerabilities":490,"is_current":297},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fchallenge\u002Ftags\u002F1.0.0\u002F",[],[]]